Kiba Posted November 11, 2013 (ID:752253)

Malwarebytes detected potential risks:

- Registry Keys Detected: 1
  HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
- Files Detected: 1
  C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.

After removing the threats, I fully scanned with Malwarebytes, Spybot S&D 2 and Microsoft Security Essentials. No threats found. I tend to be careful, so I don't know where I got those trojans from. The only explanation is an infected website.

1. I'm not sure if Adobe Licensing Console is a false positive? "Attach log report: Error: Service Control Manager [7000] - The Adobe Licensing Console service failed to start due to the following error: The system cannot find the file specified." What is Adobe Licensing Console and how crucial is it? I haven't installed any Adobe products except for the mandatory Flash Player plugin for Firefox.

2. What is a Trojan.Clicker.CT/msvfd32.exe exactly and how risky is it? Is this a concern for my privacy? Could it potentially come back, or is it even completely removed? I haven't noticed any problems with my computer. Everything seems OK.

Attachments: attach.txt, dds.txt, mbam-log-2013-11-10 (15-13-41) trojan.clicker.txt
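An added example, not from the thread or from any tool mentioned in it, showing the responder-side check behind the detections and the Event 7000 message in the post above: once an AV product quarantines a service's binary, the service registration usually survives and the Service Control Manager logs Event ID 7000 at every boot. The PowerShell below lists services whose ImagePath points at a missing file and matches them against recent 7000 events; it assumes an elevated prompt with PowerShell 3.0 or later, and all function and variable names are this example's own.

```powershell
# Added example (not from the thread): find service registrations whose binary is
# gone and correlate them with Service Control Manager Event ID 7000 entries.
# Assumes an elevated prompt and PowerShell 3.0+. Names are this example's own.

# Turn a raw ImagePath registry value into a file path that Test-Path can check.
function Resolve-ServiceImage {
    param([Parameter(Mandatory)][string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                        # quoted path: drop trailing arguments
    } else {
        $p = ($p -split '\s+[-/]')[0]           # unquoted: cut " -k netsvcs" style arguments
    }
    $p = $p -replace '^\\\?\?\\', ''            # strip the \??\ NT object-manager prefix
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"   # \SystemRoot\System32\drivers\x.sys
    if ($p -notmatch '^[A-Za-z]:\\') {          # system32\DRIVERS\x.sys is relative to %SystemRoot%
        $p = Join-Path -Path $env:SystemRoot -ChildPath $p
    }
    return $p
}

# List services and drivers whose executable no longer exists on disk.
function Get-OrphanedService {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { continue }
        $exe = Resolve-ServiceImage -ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $exe)) {
            [PSCustomObject]@{
                Service     = $key.PSChildName
                DisplayName = [string]$props.DisplayName
                ImagePath   = $props.ImagePath
                Resolved    = $exe
            }
        }
    }
}

# Pull "service failed to start" events. The SCM writes one at each boot for a
# registration whose binary is missing; the [7000] line quoted above is one of these.
function Get-ServiceStartFailure {
    param([int]$Days = 7)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7000
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        [PSCustomObject]@{
            Time    = $_.TimeCreated
            Service = $_.Properties[0].Value    # %1 in "The %1 service failed to start ..."
            Error   = $_.Properties[1].Value    # %2, e.g. "The system cannot find the file specified."
        }
    }
}

# Correlate the two views. Event 7000 carries the display name, so match on either name.
function Get-OrphanReport {
    param([int]$Days = 7)
    $failures = @(Get-ServiceStartFailure -Days $Days)
    foreach ($o in @(Get-OrphanedService)) {
        $hits = @($failures | Where-Object { $_.Service -eq $o.Service -or $_.Service -eq $o.DisplayName })
        $last = if ($hits.Count -gt 0) { $hits[0].Error } else { '' }   # newest event first
        [PSCustomObject]@{
            Service       = $o.Service
            ImagePath     = $o.ImagePath
            StartFailures = $hits.Count
            LastError     = $last
        }
    }
}

Get-OrphanReport -Days 7 | Sort-Object StartFailures -Descending | Format-Table -AutoSize
```

Missing-binary entries left behind by uninstalled hardware drivers are common and benign; the combination worth a closer look is a vendor-sounding service name paired with a generically named binary dropped straight into System32, as in the two detections in this thread.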
Psychotic Posted November 11, 2013 (ID:752270)

Hi there, my name is Marius and I will assist you with your malware related problems. Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.

- Double click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following:
  - Sections
  - IAT/EAT
  - Show All (should be unchecked by default)
- Leave everything else as it is.
- Close all other running programs as well as your Browser.
- Click the Scan button & wait for it to finish.
- Once done click on the Save... button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop.
- Please post the content of the ark.txt here.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Kiba (Author) Posted November 11, 2013 (ID:752289)

Gmer did not find anything. Just to note, it was set to Quick Scan, as default. I have actually noticed a little loading time lag when I open Firefox, but sometimes Firefox is like that. Maybe some plugin. If I open a new Firefox window while there is one already open, there is not much startup delay.
Psychotic Posted November 12, 2013 (ID:752585)

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (if not sure: Start --> Computer (right click) --> Properties). Run FRST. Don't change any of the checkboxes and hit Scan. Logfiles are created on your desktop. Post the FRST.txt and (after the first scan only!) the Addition.txt.
Kiba (Author) Posted November 12, 2013 (ID:752677)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Kiba (administrator) on KIBA1 on 12-11-2013 18:00:30
Running from D:\DL
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

(FRST.txt log body not reproduced.)
Kiba (Author) Posted November 12, 2013 (ID:752678)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Kiba at 2013-11-12 18:01:16
Running from D:\DL
Boot Mode: Normal

(Addition.txt log body not reproduced.)
00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2013-10-11 01:04 - 2013-05-16 19:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl2013-10-11 01:04 - 2012-08-23 19:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll2013-10-11 01:04 - 2012-04-04 02:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll==================== Safe Mode (whitelisted) ======================================= Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (11/10/2013 02:56:08 PM) (Source: Windows Search Service) (User: )Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )Description: The index cannot be initialized.Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )Description: The application cannot be initialized.Context: Windows ApplicationDetails: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )Description: The gatherer object cannot be initialized.Context: Windows Application, SystemIndex CatalogDetails: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.Context: Windows Application, SystemIndex CatalogDetails: Element not found. (HRESULT : 0x80070490) (0x80070490)Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service) (User: )Description: The plug-in in <Search.JetPropStore> cannot be initialized.Context: Windows Application, SystemIndex CatalogDetails: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801)Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service) (User: )Description: The Windows Search Service cannot load the property store information.Context: Windows Application, SystemIndex CatalogDetails: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: )Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: )Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: )Description: The Windows Search Service cannot open the Jet property store.Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))System errors:=============Error: (11/12/2013 08:57:35 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.Error: (11/11/2013 09:07:07 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)Description: Some processor performance power management features have been disabled due to a known firmware problem. 
Check with the computer manufacturer for updated firmware.Error: (11/10/2013 08:58:04 PM) (Source: Service Control Manager) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.Error: (11/10/2013 03:53:52 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.Error: (11/10/2013 02:55:33 PM) (Source: Service Control Manager) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.Error: (11/10/2013 02:55:33 PM) (Source: Service Control Manager) (User: )Description: The Windows Search service terminated with service-specific error %%-1073473535.Error: (11/10/2013 02:55:11 PM) (Source: Service Control Manager) (User: )Description: The Adobe Licensing Console service failed to start due to the following error:%%2Error: (11/10/2013 02:55:00 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.Error: (11/10/2013 00:32:59 PM) (Source: Service Control Manager) (User: )Description: The Adobe Licensing Console service failed to start due to the following error:%%2Error: (11/10/2013 00:32:47 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)Description: Some processor performance power management features have been disabled due to a known firmware problem. 
Check with the computer manufacturer for updated firmware.Microsoft Office Sessions:=========================Error: (11/10/2013 02:56:08 PM) (Source: Windows Search Service)(User: )Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )Description:Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )Description: Context: Windows ApplicationDetails: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )Description: Context: Windows Application, SystemIndex CatalogDetails: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )Description: Context: Windows Application, SystemIndex CatalogDetails: Element not found. (HRESULT : 0x80070490) (0x80070490)Search.TripoliIndexerError: (11/10/2013 02:55:31 PM) (Source: Windows Search Service)(User: )Description: Context: Windows Application, SystemIndex CatalogDetails: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Search.JetPropStoreError: (11/10/2013 02:55:31 PM) (Source: Windows Search Service)(User: )Description: Context: Windows Application, SystemIndex CatalogDetails: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: )Description:Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)The catalog is corruptError: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: )Description:Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)4700Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: )Description:Details: 0x%08x (0xc0041800 - The content index database is corrupt. 
(HRESULT : 0xc0041800))==================== Memory info ===========================Percentage of memory in use: 36%Total physical RAM: 2047.37 MBAvailable physical RAM: 1291.08 MBTotal Pagefile: 4094.73 MBAvailable Pagefile: 2971.82 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.79 MB==================== Drives ================================Drive c: () (Fixed) (Total:48.73 GB) (Free:24.47 GB) NTFSDrive d: () (Fixed) (Total:416.93 GB) (Free:304.6 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 826609AE)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=417 GB) - (Type=07 NTFS)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Psychotic Posted November 13, 2013 ID:752940

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.
- Run adwcleaner.exe
- Hit Scan and wait for the scan to finish.
- Confirm the message but don't uncheck anything.
- Hit Clean
- When the run is finished, it will open up a text file. Please post its contents within your next reply.
- You'll find the log file at C:\AdwCleaner[s1].txt also.

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start.
- When asked, allow the activex control to install.
- Click Start.
- Make sure that the option Remove found threats is unticked.
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click Scan.
- Wait for the scan to finish.
- If any threats were found, click the 'List of found threats', then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.
Kiba Posted November 13, 2013 Author ID:753143

JRT and AdwCleaner logs. ESET Online scanner found nothing.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Kiba on ke 13.11.2013 at 19:09:04,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\Kiba\AppData\Roaming\mozilla\firefox\profiles\c604mc1y.default\minidumps [12 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ke 13.11.2013 at 19:14:26,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.012 - Report created 13/11/2013 at 19:20:46
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : kiba - KIBA1
# Running from : C:\Users\kiba\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [789 octets] - [13/11/2013 19:19:29]
AdwCleaner[s0].txt - [711 octets] - [13/11/2013 19:20:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [770 octets] ##########
Psychotic Posted November 14, 2013 ID:753423

SecurityCheck

Please download SecurityCheck: LINK1 LINK2
Save it to your desktop, start it and follow the instructions in the window. After the scan has finished, checkup.txt will open. Copy its content to your thread.
Kiba Posted November 14, 2013 Author ID:753483

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.9.900.117
Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Psychotic Posted November 14, 2013 ID:753489

Your system is clean now!

Uninstall our tools using delfix

Please follow these steps in order:
- In the case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
- In the case we used Combofix, deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
- In any case please download delfix to your desktop. Close all other programs and start delfix. Please check all the boxes and run the tool. delfix will now delete all found traces of our removal process.
- If there is still something left please delete it manually.

How to protect yourself

- System Updates
  Being up to date is very important. Please be sure to activate automatic updates in your control panel. Windows XP | Windows Vista | Windows 7 | Windows 8
- Protection
  What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time. Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
- Up to date Software
  Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  Secunia Online Software Inspector - Checks if your software has updates available.
  Filehippo Update Checker - This tool also scans your computer for outdated software.
  Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser.
- Backups
  There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
- Brains
  It's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.
Kiba Posted November 14, 2013 Author ID:753503

----> "Deleted : RP #36 [Windows Update | 11/13/2013 10:01:09]"
Why does it say it has deleted a Windows Update? Or is this just from a program we used?

# DelFix v10.6 - Logfile created 14/11/2013 at 14:29:08
# Updated 11/11/2013 by Xplode
# Username : Kiba - KIBA1
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Kiba\Desktop\Addition.txt
Deleted : C:\Users\Kiba\Desktop\AdwCleaner[s0].txt
Deleted : C:\Users\Kiba\Desktop\dds.txt
Deleted : C:\Users\Kiba\Desktop\FRST.txt
Deleted : C:\Users\Kiba\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #36 [Windows Update | 11/13/2013 10:01:09]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
Psychotic Posted November 14, 2013 ID:753505

RP #36 [Windows Update | 11/13/2013 10:01:09]

It says that an RP, aka Restore Point, was removed. This is done to ensure no malware was saved into the last system restore points.
Kiba Posted November 14, 2013 Author ID:753507

Alright, I just figured it out myself; I didn't read the text properly. Well, thanks for the help. These programs might be useful in the future. I'm still not sure, though, why Malwarebytes detected "Adobe Licensing Console" as a threat. Or was it a false positive?
Psychotic Posted November 14, 2013 ID:753509

That was the loading point of the clicker trojan - but the file it pointed to is deleted.
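An added example, not part of this thread and not one of the tools the helper used: a PowerShell script that shows what the answer above describes, a service registry key (the "loading point") whose binary is gone. It lists every entry under HKLM\SYSTEM\CurrentControlSet\Services whose ImagePath resolves to a file that no longer exists, and pulls the matching Service Control Manager event 7000 ("failed to start ... cannot find the file specified") that the original poster saw in the first log. It assumes PowerShell 3.0 or later on Windows 7 or later, run from an elevated prompt; the function names Get-OrphanedServiceEntry and Get-ServiceStartFailure are my own.

```powershell
# Added example for this thread (not a tool from the helper or from Malwarebytes).
# Assumption: PowerShell 3.0+ (for [PSCustomObject]), run elevated on Windows 7+.

# 1. Service/driver entries whose ImagePath points at a file that is no longer on disk.
#    After a file is quarantined, its service key stays behind exactly like the
#    "Adobe Licensing Console" entry in this thread, and the SCM logs event 7000
#    on every boot until the key is removed.
function Get-OrphanedServiceEntry {
    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $startNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

    foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { continue }          # parameter-only subkeys, not services

        # Expand %SystemRoot% etc. and drop the kernel-style prefixes drivers use.
        $raw = [Environment]::ExpandEnvironmentVariables([string]$props.ImagePath)
        $raw = $raw -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"

        # Keep only the executable: a quoted path, or everything up to the first
        # .exe/.sys/.dll. That handles "svchost.exe -k netsvcs" as well as paths
        # with spaces and dashes such as "Spybot - Search & Destroy 2\...".
        if ($raw -match '^"([^"]+)"') {
            $exe = $Matches[1]
        } elseif ($raw -match '^(.*?\.(exe|sys|dll))') {
            $exe = $Matches[1]
        } else {
            $exe = $raw.Trim()
        }
        # Drivers are frequently registered relative to the Windows directory.
        if ($exe -notmatch '^[A-Za-z]:\\') { $exe = Join-Path $env:SystemRoot $exe }

        if (-not (Test-Path -LiteralPath $exe)) {
            $start = '?'
            if ($null -ne $props.Start -and $startNames.ContainsKey([int]$props.Start)) {
                $start = $startNames[[int]$props.Start]
            }
            [PSCustomObject]@{
                Service   = $key.PSChildName
                StartType = $start
                ImagePath = $props.ImagePath
                Resolved  = $exe
            }
        }
    }
}

# 2. Cross-check with the System event log: SCM event 7000 is the
#    "service failed to start ... The system cannot find the file specified"
#    entry from the poster's attach.txt.
function Get-ServiceStartFailure {
    param([int]$MaxEvents = 25)
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

Get-OrphanedServiceEntry | Format-Table -AutoSize
Get-ServiceStartFailure  | Format-Table -AutoSize -Wrap
```

An orphaned entry is a lead, not a verdict: leftover driver keys from uninstalled hardware or software show up in the same list, so compare each hit with what the scanners actually quarantined (here, msvfd32.exe) and with the 7000 events before deciding whether a key is malware residue. A StartType of Auto on an entry whose file is missing is the pattern from this thread, an autostart that no longer has anything to start.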
AdvancedSetup (Root Admin) Posted November 15, 2013 ID:753919

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!